BCWipe securely erases data from magnetic and solid-state memory, by repeatedly overwriting special patterns in the files to be destroyed. In normal mode, 34 patterns are used (of which 8 are random); in quick mode, U.S. DoD (Department of Defence) 5200.28 standard are used with 7-pass wiping; and in custom mode, U.S. DoD 5200.28 standards are used with a user-defined number of passes.

BEJY is a modular server application. It is packaged, by default, as a Web application container and mail server with SSL. It has functionality similar to inetd, and has some helper classes/functions to ease the implementation of new protocols. It provides a generic multithreaded TPC/IP server implementation with optional SSL support, covering the complete connection and thread management. Each supported service provides its protocol implementation. The current version comes with HTTP, SMTP, POP3, and IMAP protocol implementations. The HTTP protocol implementation also contains a servlet engine, a JSP 1.2 engine, a handler to invoke CGI, and other useful things. The mail protocols require a database using JDBC, as MySQL, MSSQL, and others.

BFBTester is good for doing quick, proactive security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names.

BSDftpd-ssl is a secure and easy-to-use FTP server that supports industry standard TLS/SSL encryption and authentication for whole FTP sessions and data transfers. This implementation supports both the original FTP protocol and the RFC2228-compliant TLS/SSL enhancement. The package contains the secure FTP server (named "ftpd") and a command line TLS/SSL-aware FTP client (named "ftps"). The server's features include logging of transfers, changing of a session root (known as "chroot"), and virtual host support.

BSM Pseudonymizer pseudonymizes records from Solaris BSM audit trail files. Personal data such as user IDs, pathnames, timestamps, etc. is replaced with pseudonyms so that the generated output doesn't reveal private information about the system's users, but still preserves a maximum of integrity and consistency.

The Bait and Switch Honeypot System combines the snort Intrusion Detection System (IDS) with honeypot technology to create a system that reacts to hostile intrusion attempts by marking and then redirecting all "bad" traffic to a honeypot that partially mirrors your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data, while your clients and/or users are still safely accessing the real system. Life goes on, your data is safe, and you get to learn about the bad guy as an added benefit. It works with Snort 1.9.0, 1.9.1, and 2.0.2.

Bandit is a system of loosely-coupled components
that provide
consistent identity services and create a
community that organizes and
standardizes identity-related technologies in an
open way, promoting
both interoperability and collaboration. It
implements open standard
protocols and specifications so identity services
can be constructed,
accessed, and integrated from multiple identity
sources. The Bandit
system supports many authentication methods and
provides user-centric
credential management.

BASE is the Basic Analysis and Security Engine. It
is based on the code from the Analysis Console for
Intrusion Databases (ACID) project. This
application provides a Web frontend to query and
analyze the alerts coming from a Snort IDS.

Bastille Unix (formerly Bastille Linux) aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat (Fedora Core, Enterprise Linux, and original Red Hat), SuSE, Gentoo,
Mandrake, and Debian Linux, as well as HP-UX and
Mac OS X. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational
component produces an admin who is less likely to
compromise the increased security.